feature-2924: Add an option to suppress server identification headers #3770
+26
−8
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
remove-version-and-server-headers had recent pushes 29 minutes ago Add a hide_server_id_headers option that suppresses the
surreal-version
andserver
headersThank you for submitting this pull request! We really appreciate you spending the time to work on these changes.
What is the motivation?
Offering up information such as server running and the particular version can make it easier for bad actors to exploit known vulnerabilities.
What does this change do?
This adds a CLI option to not emit the
server
andsurreal-version
headers. By setting this flag, the server no longer emits this information.What is your testing strategy?
Testing has been done manually. Starting the server without the flag set, curl and check the headers are present. Start the server again with the flag set - use curl to confirm the headers are not present.
Will look at integration tests now.
Is this related to any issues?
Closes #2924
Does this change need documentation?
Probably - not done yet.
If this pull request requires changes, updates, or improvements to the documentation, then add a corresponding issue on the docs.surrealdb.com repository, and link to it here.
Have you read the Contributing Guidelines?